The fix wordpress malware fix Codex has an outline of what permissions are okay. Directory and file permissions can be changed either via an FTP client or within the administrative page from your web host.
Strong passwords - Do what you can to use a password, alpha-numeric. Easy to remember passwords are also easy to guess!
Keep your WordPress Setup to date - One of the simplest and most valuable tasks you can do yourself is to make sure your WordPress installation is upgraded. WordPress provides you a notice on your dashboard, so there is really no reason to not do this.
In addition to adding a secret key to your wp-config.php file, also consider changing your user password into something that's strong and unique. A great idea is to avoid phrases, use letters, and include numbers, although you will be told the strength of your password by wordPress. It's also a good idea to change your password regularly - say once.
Implementing all the above will probably take less than an hour to complete, while creating your WordPress website more immune to intrusions. Over 1 million WordPress sites were cracked last year, largely due to easily preventable security gaps. Have yourself prepared and you are likely to try this out be on the safe Click This Link side.